CN106407127B - Data encryption method and device - Google Patents

Publication number
CN106407127B
Authority
CN
China
Prior art keywords
data
memory
area
plaintext
writing
Legal status
Active
Application number
CN201510465717.8A
Other languages
Chinese (zh)
Other versions
CN106407127A (en)
Inventor
王炼
Current Assignee
Tencent Technology Shenzhen Co Ltd
Tencent Cloud Computing Beijing Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201510465717.8A
Publication of CN106407127A
Application granted
Publication of CN106407127B

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a data encryption method and device, and belongs to the technical field of encryption. The data encryption method comprises the following steps: applying for a section of memory for plaintext data to be encrypted according to a preset mode, wherein the size of the memory is equal to that of ciphertext data obtained by encrypting the plaintext data; writing the plaintext data to the second region; sequentially reading plaintext data blocks of a preset size from unread plaintext data in the second region, and encrypting the read plaintext data blocks according to a preset encryption algorithm to obtain ciphertext data blocks; and writing the ciphertext data block into the first region. The invention reduces memory overhead and allows low-power embedded devices with small memory to perform encrypted storage.

Description

Data encryption method and device
Technical Field
The present invention relates to the field of encryption technologies, and in particular, to a data encryption method and apparatus.
Background
To ensure the security of data, it is usually necessary to encrypt the data.
A common encryption method is as follows: first, two sections of memory are applied for in the memory of the device, one for storing plaintext, denoted the first memory, and the other for storing ciphertext, denoted the second memory; then the plaintext data is read from the first memory, encrypted according to a preset encryption mode, and the resulting ciphertext is stored into the second memory.
In the process of implementing the invention, the inventor found that the related art has at least the following problem: because this encryption method needs to apply for two sections of memory, it is not suitable for devices with small memory, such as low-power embedded devices with only 256 bytes of memory.
Disclosure of Invention
To solve the problem in the related art that two sections of memory must be applied for during encryption, which makes the related art unsuitable for devices with small memory, embodiments of the present invention provide a data encryption method and apparatus. The technical solution is as follows:
In a first aspect, a data encryption method is provided, the method including:
applying for a section of memory for plaintext data to be encrypted according to a predetermined mode, wherein the memory comprises a first region located at the head of the memory and a second region located at the tail of the memory, and the size of the memory is equal to that of ciphertext data obtained by encrypting the plaintext data;
writing the plaintext data to the second region;
sequentially reading plaintext data blocks of a preset size from unread plaintext data in the second area, and encrypting the read plaintext data blocks according to a preset encryption algorithm to obtain ciphertext data blocks; and
writing the ciphertext data block into the first area, and continuing to write into the second area after the first area is full.
The beneficial effect of the above technical solution is: only one section of memory is applied for, smaller than the combined size of the plaintext data and the ciphertext data obtained by encrypting it; the plaintext data is written into that memory, plaintext data blocks are read in sequence and encrypted to obtain ciphertext data blocks, and the ciphertext data blocks are written back into the same memory.
Optionally, the applying for a segment of memory for plaintext data to be encrypted according to a predetermined manner includes:
predicting the size of ciphertext data obtained by encrypting the plaintext data according to the preset encryption algorithm, wherein the ciphertext data comprises data corresponding to the plaintext data and preset description information; and
applying for a memory with a size equal to that of the ciphertext data.
The beneficial effect of the above technical solution is: the size of the ciphertext data obtained by encrypting the plaintext data is calculated in advance according to the preset encryption algorithm, and the size of the memory is determined from it; that is, the memory only needs to be large enough to store the ciphertext data, so that the applied memory space is kept as small as possible while the plaintext data can still be encrypted.
Optionally, the writing the ciphertext data block into the first region includes:
sequentially writing the encrypted ciphertext data blocks starting from the first position in the first area to which data has not yet been written.
The beneficial effect of the above technical solution is: because the ciphertext data blocks obtained by encryption are written in sequence starting from the first unwritten position in the first area, the ciphertext data is written in order, already-written ciphertext data and not-yet-encrypted plaintext data are not overwritten, and it remains possible to encrypt the plaintext data and to read the ciphertext data correctly.
Optionally, the writing the ciphertext data block into the first area, and continuing to write into the second area after the first area is full, includes:
detecting whether the first area is full;
if the first area is full, sequentially overwriting with encrypted ciphertext data blocks from the start position of the second area; and
if the first area is not full, writing the ciphertext data block into the first area.
The beneficial effect of the above technical solution is: after the first area is full, the encrypted ciphertext data blocks are written in sequence, overwriting from the start position of the second area. Because the plaintext data stored at the start position of the second area has already been read and encrypted, it no longer serves any purpose and can be overwritten by ciphertext data. The second area, which initially stored plaintext data, is thus eventually covered by ciphertext data; the second area is reused by the plaintext data and the ciphertext data, which makes it possible to reduce the memory occupied by the data as much as possible.
Optionally, the method further includes:
when all the plaintext data has been encrypted and all the ciphertext data obtained by encryption has been written into the memory, overwriting the area of the second area that is not covered by the ciphertext data with the description information.
The beneficial effect of the above technical solution is: once the plaintext data has been completely encrypted, the plaintext data stored in the memory no longer serves any purpose, so the description information can be written over the area that stored plaintext data. The area storing the ciphertext data and the area storing the description information together make up the whole applied memory, and storing the description information ensures that the related operations can be carried out when the ciphertext data is read.
Optionally, the method further includes:
releasing the applied memory when the plaintext data has been completely encrypted and all the encrypted ciphertext data has been read.
The beneficial effect of the above technical solution is: the applied memory is released after all the plaintext data has been encrypted and all the encrypted ciphertext data has been read, which effectively shortens the time the memory is occupied, lets other services in the device continue to use the memory, and improves the working efficiency of the device.
In a second aspect, there is provided a data encryption apparatus, the apparatus comprising:
a memory application module, configured to apply for a section of memory for plaintext data to be encrypted according to a preset mode, wherein the memory comprises a first region located at the head of the memory and a second region located at the tail of the memory, and the size of the memory is equal to that of ciphertext data obtained by encrypting the plaintext data;
a first writing module, configured to write the plaintext data into the second area;
a data encryption module, configured to sequentially read plaintext data blocks of a preset size from unread plaintext data in the second area and encrypt the read plaintext data blocks according to a preset encryption algorithm to obtain ciphertext data blocks; and
a second writing module, configured to write the ciphertext data block obtained by the data encryption module into the first area, and to continue writing into the second area after the first area is full.
The beneficial effect of the above technical solution is: only one section of memory is applied for, smaller than the combined size of the plaintext data and the ciphertext data obtained by encrypting it; the plaintext data is written into that memory, plaintext data blocks are read in sequence and encrypted to obtain ciphertext data blocks, and the ciphertext data blocks are written back into the same memory.
Optionally, the memory application module includes:
a size prediction unit, configured to predict the size of ciphertext data obtained by encrypting the plaintext data according to the predetermined encryption algorithm, where the ciphertext data includes data corresponding to the plaintext data and predetermined description information; and
a memory application unit, configured to apply for a memory with a size equal to the size of the ciphertext data predicted by the size prediction unit.
The beneficial effect of the above technical solution is: the size of the ciphertext data obtained by encrypting the plaintext data is calculated in advance according to the preset encryption algorithm, and the size of the memory is determined from it; that is, the memory only needs to be large enough for the ciphertext data, or for the ciphertext data together with the description information that describes it, so that the applied memory space is kept as small as possible while the plaintext data can still be encrypted.
Optionally, the second writing module is further configured to:
sequentially write the encrypted ciphertext data blocks starting from the first position in the first area to which data has not yet been written.
The beneficial effect of the above technical solution is: because the ciphertext data blocks obtained by encryption are written in sequence starting from the first unwritten position in the first area, the ciphertext data is written in order, already-written ciphertext data and not-yet-encrypted plaintext data are not overwritten, and it remains possible to encrypt the plaintext data and to read the ciphertext data correctly.
Optionally, the second writing module includes:
a detection unit, configured to detect whether the first area is full;
a first writing unit, configured to sequentially overwrite with encrypted ciphertext data blocks from the start position of the second area when the detection unit detects that the first area is full; and
a second writing unit, configured to write the ciphertext data block into the first area when the detection unit detects that the first area is not full.
The beneficial effect of the above technical solution is: after the first area is full, the encrypted ciphertext data blocks are written in sequence, overwriting from the start position of the second area. Because the plaintext data stored at the start position of the second area has already been read and encrypted, it no longer serves any purpose and can be overwritten by ciphertext data. The second area, which initially stored plaintext data, is thus eventually covered by ciphertext data; the second area is reused by the plaintext data and the ciphertext data, which makes it possible to reduce the memory occupied by the data as much as possible.
Optionally, the apparatus further comprises:
a description information writing module, configured to overwrite the area of the second area that is not covered by the ciphertext data with description information for describing the ciphertext data, after all the plaintext data has been encrypted and all the ciphertext data obtained by encryption has been written into the memory.
The beneficial effect of the above technical solution is: once the plaintext data has been completely encrypted, the plaintext data stored in the memory no longer serves any purpose, so the description information can be written over the area that stored plaintext data. The area storing the ciphertext data and the area storing the description information together make up the whole applied memory, and storing the description information ensures that the related operations can be carried out when the ciphertext data is read.
Optionally, the apparatus further comprises:
a memory release module, configured to release the applied memory after the plaintext data has been completely encrypted and all the encrypted ciphertext data has been read.
The beneficial effect of the above technical solution is: the applied memory is released after all the plaintext data has been encrypted and all the encrypted ciphertext data has been read, which effectively shortens the time the memory is occupied, lets other services in the device continue to use the memory, and improves the working efficiency of the device.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow diagram of a method of encrypting data provided in one embodiment of the invention;
FIG. 2A is a flow chart of a method of encrypting data provided in another embodiment of the present invention;
FIG. 2B is a flowchart of applying for a section of memory for plaintext data to be encrypted according to a predetermined manner according to an embodiment of the present invention;
FIG. 2C is a schematic diagram of region allocation when the memory provided in the embodiment of the present invention stores plaintext data and ciphertext data;
FIG. 2D is a diagram illustrating writing of a ciphertext data block to a first region, as provided by an embodiment of the present invention;
FIG. 2E is a diagram illustrating writing of a ciphertext data block to a second region, as provided by an embodiment of the invention;
FIG. 3 is a schematic structural diagram of a data encryption device provided in an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a data encryption device provided in another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a flow chart of a method of encrypting data provided in an embodiment of the invention. The data encryption method can be applied to a low-power embedded device, which has very little memory and places very high demands on memory usage. The data encryption method may include:
Step 101, applying for a section of memory for plaintext data to be encrypted according to a predetermined manner, where the memory includes a first region located at a head of the memory and a second region located at a tail of the memory, and a size of the memory is equal to a size of ciphertext data obtained by encrypting the plaintext data.
Step 102, writing the plaintext data into the second area.
Step 103, sequentially reading plaintext data blocks of a predetermined size from the unread plaintext data in the second region, and encrypting the read plaintext data blocks according to a predetermined encryption algorithm to obtain ciphertext data blocks.
Step 104, writing the ciphertext data block into the first area, and continuing to write into the second area after the first area is full.
In summary, in the data encryption method provided in the embodiment of the present invention, only one section of memory is applied for, smaller than the combined size of the plaintext data and the ciphertext data obtained by encrypting it; the plaintext data is written into that memory, plaintext data blocks are read in sequence and encrypted to obtain ciphertext data blocks, and the ciphertext data blocks are written back into the same memory.
FIG. 2A is a flow chart of a method of encrypting data provided in another embodiment of the present invention. The data encryption method can be applied to a low-power device, that is, a device with very little memory that places very high demands on memory usage, such as a low-power embedded device. The data encryption method may include:
Step 201, applying for a section of memory for plaintext data to be encrypted according to a predetermined manner, where the memory includes a first region located at a head of the memory and a second region located at a tail of the memory, and a size of the memory is equal to a size of ciphertext data obtained by encrypting the plaintext data.
In practice, each time the low-power embedded device encrypts a section of plaintext data, it applies for a section of memory according to the number of bytes in that section of plaintext data.
The memory of a low-power device is usually very small, for example only 256 bytes. To reduce memory occupation during encryption as much as possible, in each embodiment of the present invention only one section of memory is applied for when encrypting the plaintext data, and the size of the applied memory is equal to the size of the ciphertext data obtained by encrypting the plaintext data.
By comparison, the related art needs to apply for two sections of memory, one for storing the plaintext data to be encrypted and the other for storing the ciphertext data obtained by encrypting it. The memory applied for here is smaller than the sum of those two sections, so memory occupation is reduced.
To allow the plaintext data and the generated ciphertext data to be written into the applied memory in an orderly way, the memory may generally be divided into two regions; that is, the applied memory may include a first region located at the head of the memory and a second region located at the tail of the memory.
Optionally, the position immediately after the end position of the first area is the start position of the second area.
In a possible implementation, the size of the memory may be estimated first, and the memory then applied for according to the estimated size, as shown in FIG. 2B, which is a flowchart, provided in an embodiment of the present invention, of applying for a section of memory for plaintext data to be encrypted according to a predetermined manner. In FIG. 2B, the low-power device applies for a section of memory for the plaintext data to be encrypted according to a predetermined manner, which may include the following steps:
In step 201a, the size of ciphertext data obtained by encrypting the plaintext data according to a predetermined encryption algorithm is estimated, and the ciphertext data includes data corresponding to the plaintext data and predetermined description information.
The predetermined encryption algorithm is an algorithm for encrypting the plaintext data by the low-power-consumption device, and the predetermined encryption algorithm is usually determined by the encryption requirement for the plaintext data, and the embodiment does not limit the manner of the predetermined encryption algorithm.
Generally speaking, the ciphertext data obtained by encrypting plaintext data occupies more bytes than the corresponding plaintext data. When applying for the memory, the number of bytes the ciphertext data will occupy can therefore be estimated first, and that number is then used to determine the memory to be applied for.
Generally, in order to ensure that a receiving end of ciphertext data can know an encryption mode of the ciphertext data so as to decrypt the received ciphertext data, a low power consumption device usually writes description information such as an encryption algorithm into an applied memory so as to send the description information read from the memory to the receiving end of the ciphertext data. The description information may be description information for describing an encryption manner for encrypting the ciphertext data, or may be information for describing bytes occupied by all the ciphertext data, and the like, and the specific content of the description information is not limited in this embodiment.
Generally, the description information is treated as part of the ciphertext data; that is, the ciphertext data includes the description information in addition to the data obtained by encrypting the plaintext data.
Therefore, when applying for the memory, the size occupied by the description information for describing the ciphertext data generally needs to be considered, and the description information is generally 8 bits to 10 bits.
In step 201b, a memory with a size equal to that of the ciphertext data is applied.
To reduce memory occupation as much as possible, note that the ciphertext data is produced sequentially from the plaintext data: it occupies no memory in the initialization stage and gradually occupies memory as it is generated. Therefore, when applying for the memory, a memory with a size equal to that of the ciphertext data is applied for.
The second area in the memory is typically set to the size of the plaintext data. Optionally, the start position of the second area is obtained by offsetting a predetermined size from the tail position of the memory, where the predetermined size is the size of the plaintext data.
Optionally, refer to FIG. 2C, which is a schematic diagram of region allocation when the applied memory stores the plaintext data and the ciphertext data according to an embodiment of the present invention. In FIG. 2C, the applied memory includes a first region 22 and a second region 24, where the size of the second region 24 is equal to the number of bytes occupied by the plaintext data.
Ciphertext data obtained by encrypting plaintext data is usually larger than the plaintext data, so when a memory with a size equal to that of the ciphertext data is applied for, the second area can clearly store all of the plaintext data.
Step 202, writing the plaintext data into the second area.
When writing the plaintext data into the second area, the plaintext data may be written sequentially from the start position of the second area.
Optionally, when writing the plaintext data into the second area, a first write pointer may be set, whose start position is the start position of the second area. While the plaintext data is being written, the position indicated by the first write pointer is incremented by 1 each time a byte is written, until the first write pointer points to the end position of the second area and the writing of the plaintext data is complete.
Step 203, sequentially reading plaintext data blocks of a predetermined size from the unread plaintext data in the second region, and encrypting the read plaintext data blocks according to a predetermined encryption algorithm to obtain ciphertext data blocks.
When the plaintext data is completely written into the second area, the plaintext data starts to be encrypted, and at this time, the plaintext data can be sequentially read from the start position of the second area.
And when the plaintext data block is read out, encrypting the read plaintext data block according to a preset encryption algorithm to obtain encrypted ciphertext data, and recording the ciphertext data obtained by encrypting the plaintext data with a preset size as a ciphertext data block.
Optionally, when a plaintext data block is to be read from the second area, a first read pointer may be set, whose start position is the start position of the second area. While plaintext data is being read, the position indicated by the first read pointer is incremented by 1 each time a byte is read, until the first read pointer has moved by the predetermined number of bytes and the reading of one plaintext data block is complete.
To read the plaintext data in order and avoid omitting any of it, plaintext data blocks of a predetermined size may be read sequentially from the unread plaintext data in the second region, and the read plaintext data blocks are encrypted according to a predetermined encryption algorithm to obtain ciphertext data blocks.
Step 204, detecting whether the first area is full.
After the ciphertext data block is obtained, the ciphertext data block needs to be written into the first area, but because the memory is applied according to the memory occupied by all the ciphertext data and the plaintext data already occupies the second area in the memory, the first area may be completely written after a part of the ciphertext data is written. Therefore, after obtaining the ciphertext data block, it is necessary to first detect whether the first region is already full.
Obviously, whether the first area is full can be detected each time a byte of the ciphertext data block is written.
In step 205, if the first region is not full, the ciphertext data block is written into the first region.
If the first area is not full, the obtained ciphertext data block can be written into the first area. When the low-power device writes the ciphertext data block into the first area, to avoid a later ciphertext data block overwriting a previously written one, the encrypted ciphertext data blocks need to be written sequentially starting from the first position in the first area to which data has not yet been written.
Optionally, when the ciphertext data is written into the first area, a second write pointer may be set, where a start position of the second write pointer is a start position of the first area, and in the process of writing the ciphertext data, 1 is added to a position indicated by the second write pointer every time a byte is written.
When detecting whether the first area is full, it may be detected whether the second write pointer points to the end position of the first area. If the second write pointer points to the end position of the first area, the first area is full; if it points to a position before the end position of the first area, the first area is not full.
Refer to FIG. 2D, which is a schematic diagram of writing a ciphertext data block into the first region according to an embodiment of the present invention. In FIG. 2D, a plaintext data block 26 of a predetermined size is read from the second region 24 using a first read pointer P1, the read plaintext data block 26 is encrypted to obtain a ciphertext data block 28, and the ciphertext data block 28 is written into the first region 22 using a second write pointer P2. The ciphertext data block 28 is written starting from the first unwritten position 29 of the first region 22 (i.e., the position pointed to by the second write pointer P2 before the ciphertext data block 28 is written), and each time a byte of the ciphertext data block 28 is written, the second write pointer P2 is moved backward by one position, until all of the ciphertext data block 28 has been written.
In step 206, if the first area is full, the encrypted ciphertext data blocks are written in sequence, overwriting from the start position of the second area.
Because the plaintext data is written in sequence from the start position of the second region, and is also read in sequence from the start position of the second region, the plaintext data at the start position of the second region has already been encrypted and written into the first region. That plaintext data no longer serves any purpose, so after the first region is full, the encrypted ciphertext data blocks may be written in sequence, overwriting from the start position of the second region.
Refer to FIG. 2E, which is a schematic diagram of writing a ciphertext data block into the second region according to an embodiment of the present invention. In FIG. 2E, a plaintext data block 26' of a predetermined size is read from the second region 24 using the first read pointer P1, the read plaintext data block 26' is encrypted to obtain a ciphertext data block 28', and the ciphertext data block 28' is written into the second region 24 using the second write pointer P2. Each time a byte of the ciphertext data block 28' is written into the second region 24, the second write pointer P2 is moved backward by one byte, until the ciphertext data block 28' has been completely written.
Step 207, after all the plaintext data has been encrypted and all the ciphertext data obtained by encryption has been written into the memory, description information for describing the ciphertext data is written, in an overwriting manner, into the area of the second area that is not covered by the ciphertext data.
As can be seen from step 201a and step 201b, the memory applied for is large enough to hold all the ciphertext data (i.e., the data corresponding to the plaintext data) and the description information for describing the ciphertext data, so after all the ciphertext data has been written from the start position of the memory, the memory still has remaining space, which can be used for writing the description information. Obviously, if the memory is only the size of the ciphertext data, then after all the ciphertext data has been written the second region has no area not covered by the ciphertext data, and therefore the description information for describing the ciphertext data does not need to be written.
Therefore, when all the plaintext data has been encrypted and all the ciphertext data obtained by encryption has been written into the memory, the description information for describing the ciphertext data is written, in an overwriting manner, into the area of the second area that is not covered by the ciphertext data.
Step 208, the memory applied for is released when the plaintext data has been completely encrypted and all the encrypted ciphertext data has been read.
After the plaintext data has been completely encrypted and all the encrypted ciphertext data has been read, the memory applied for can be released so that it can be reclaimed.
In summary, in the data encryption method provided in the embodiment of the present invention, only a section of memory smaller than the sum of the plaintext data and the ciphertext data obtained by encrypting the plaintext data is applied for; the plaintext data is written into the memory, plaintext data blocks are read sequentially, each read plaintext data block is encrypted to obtain a ciphertext data block, and the obtained ciphertext data blocks are written into the memory.
In addition, the size of the ciphertext data obtained by encrypting the plaintext data is calculated in advance according to the predetermined encryption algorithm, and the size of the memory is determined from it; that is, the memory only needs to be large enough to hold the ciphertext data and the description information describing the ciphertext data, so that the memory applied for is kept as small as possible while the plaintext data can still be encrypted.
The ciphertext data blocks obtained by encryption are written sequentially from the start position of the part of the first area to which no data has been written, which ensures that the ciphertext data is written in order, avoids overwriting ciphertext data that has already been written or plaintext data that has not yet been encrypted, and makes it possible to encrypt the plaintext data and read the ciphertext data correctly.
After the first area is full, the encrypted ciphertext data blocks are written sequentially, in an overwriting manner, from the start position of the second area. Since the plaintext data stored at the start position of the second region has already been read and encrypted, it no longer has any meaning and the ciphertext data can overwrite it, so that the second region, which initially stored the plaintext data, is finally covered by the ciphertext data. The second region is thus reused by the plaintext data and the ciphertext data, which makes it possible to reduce the memory occupied by the data as far as possible.
When the plaintext data has been completely encrypted, the plaintext data stored in the memory no longer has any significance, and the description information can be written, in an overwriting manner, into the region that stored the plaintext data. The region storing the ciphertext data and the region storing the description information together make up the whole of the memory applied for, and storing the description information ensures that the related operations can be carried out when the ciphertext data is read.
The memory applied for is released after all the plaintext data has been encrypted and all the encrypted ciphertext data has been read, which effectively shortens the time for which the memory is occupied, allows other services in the device to continue to use the memory, and improves the working efficiency of the device.
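The single-buffer procedure of steps 201 to 208, written out in C as an added example (it is not code from the patent). The block cipher is a non-secure stand-in for the "predetermined encryption algorithm", and BLK, DESC, the "ENC1" description layout, DEMO_KEY and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BLK  16u /* block size of the stand-in cipher (assumption) */
#define DESC 8u  /* description info: "ENC1" + 32-bit plaintext length (assumption) */
static const uint8_t DEMO_KEY[BLK] = "constructed-key"; /* constructed sample key */

/* Stand-in for the "predetermined encryption algorithm": keyed byte transform
 * with CBC-style chaining from an all-zero start. NOT secure; a real build
 * calls a vetted block cipher here. */
static void toy_encrypt_block(uint8_t *b, const uint8_t *key, uint8_t *chain) {
    for (unsigned i = 0; i < BLK; i++)
        chain[i] = b[i] = (uint8_t)((b[i] ^ chain[i]) + key[i]);
}
static void toy_decrypt_block(uint8_t *b, const uint8_t *key, uint8_t *chain) {
    for (unsigned i = 0; i < BLK; i++) {
        uint8_t c = b[i];
        b[i] = (uint8_t)((uint8_t)(c - key[i]) ^ chain[i]);
        chain[i] = c;
    }
}

/* One allocation of ciphertext size + DESC; the plaintext is staged in its tail.
 * Returns the buffer (ciphertext, then description info) or NULL. */
uint8_t *encrypt_single_buffer(const uint8_t *plain, size_t len,
                               const uint8_t *key, size_t *out_len) {
    if (len <= DESC || len > UINT32_MAX) return NULL; /* description must fit in region 2 */
    size_t clen  = (len / BLK + 1) * BLK; /* predicted ciphertext size, padding included */
    size_t total = clen + DESC;           /* smaller than len + clen */
    uint8_t *mem = malloc(total);
    if (!mem) return NULL;
    size_t rd = total - len, wr = 0;      /* P1 at start of region 2, P2 at start of region 1 */
    memcpy(mem + rd, plain, len);         /* write the plaintext into the second region */
    uint8_t blk[BLK], chain[BLK] = {0};
    while (wr < clen) {
        size_t left = total - rd, n = left < BLK ? left : BLK;
        memcpy(blk, mem + rd, n);                 /* read one block through P1 */
        memset(blk + n, (int)(BLK - n), BLK - n); /* PKCS#7-style padding */
        rd += n;
        toy_encrypt_block(blk, key, chain);
        /* Invariant: P2 must never pass P1 while unread plaintext remains. */
        if (wr + BLK > rd) { memset(mem, 0, total); free(mem); return NULL; }
        memcpy(mem + wr, blk, BLK); /* region 1 first, then over consumed plaintext */
        wr += BLK;
    }
    memcpy(mem + clen, "ENC1", 4);  /* description overwrites the last plaintext bytes */
    for (unsigned i = 0; i < 4; i++) mem[clen + 4 + i] = (uint8_t)(len >> (8 * i));
    *out_len = total;
    return mem;
}

/* Reverses the layout; `out` needs total - DESC bytes. Returns the plaintext length, 0 if malformed. */
size_t decrypt_single_buffer(const uint8_t *mem, size_t total,
                             const uint8_t *key, uint8_t *out) {
    if (total < BLK + DESC || (total - DESC) % BLK) return 0;
    size_t clen = total - DESC, len = 0;
    if (memcmp(mem + clen, "ENC1", 4) != 0) return 0;
    for (unsigned i = 0; i < 4; i++) len |= (size_t)mem[clen + 4 + i] << (8 * i);
    if (len >= clen || clen - len > BLK) return 0;
    uint8_t blk[BLK], chain[BLK] = {0};
    for (size_t off = 0; off < clen; off += BLK) {
        memcpy(blk, mem + off, BLK);
        toy_decrypt_block(blk, key, chain);
        memcpy(out + off, blk, len - off < BLK ? len - off : BLK);
    }
    return len;
}

/* 1 if msg survives the round trip and the buffer has the predicted size. */
int roundtrip_ok(const char *msg) {
    size_t len = strlen(msg), total = 0;
    uint8_t out[256];
    uint8_t *mem = encrypt_single_buffer((const uint8_t *)msg, len, DEMO_KEY, &total);
    if (!mem || total > sizeof out) { free(mem); return 0; }
    int ok = total == (len / BLK + 1) * BLK + DESC
          && decrypt_single_buffer(mem, total, DEMO_KEY, out) == len
          && memcmp(out, msg, len) == 0;
    free(mem);
    return ok;
}

int main(void) { return roundtrip_ok("constructed sample reading: temp=21.5C id=0042") ? 0 : 1; }
```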
Fig. 3 is a schematic structural diagram of a data encryption device provided in an embodiment of the present invention. The data encryption device can be applied to a low-power-consumption embedded device, that is, a device with very little memory and very demanding requirements on memory use. The data encryption device may include: a memory application module 310, a first writing module 320, a data encryption module 330 and a second writing module 340.
A memory application module 310, configured to apply for a section of memory for plaintext data to be encrypted according to a predetermined manner, where the memory includes a first region located at a head of the memory and a second region located at a tail of the memory, and a size of the memory is smaller than a sum of a size of the plaintext data and a size of ciphertext data obtained by encrypting the plaintext data;
A first writing module 320, configured to write the plaintext data into the second region;
A data encryption module 330, configured to sequentially read plaintext data blocks with a predetermined size from unread plaintext data in the second region, and encrypt the read plaintext data blocks according to a predetermined encryption algorithm to obtain ciphertext data blocks;
A second writing module 340, configured to write the ciphertext data block obtained through encryption by the data encryption module 330 into the first area, and continue to write into the second area after the first area is full.
In summary, the data encryption apparatus provided in the embodiment of the present invention applies for only a section of memory smaller than the sum of the plaintext data and the ciphertext data obtained by encrypting the plaintext data, writes the plaintext data into the memory, then sequentially reads plaintext data blocks, encrypts each read plaintext data block to obtain a ciphertext data block, and writes the obtained ciphertext data blocks into the memory.
Fig. 4 is a schematic structural diagram of a data encryption device provided in another embodiment of the present invention. The data encryption device can be applied to a low-power-consumption embedded device, that is, a device with very little memory and very demanding requirements on memory use. The data encryption device may include: a memory application module 410, a first writing module 420, a data encryption module 430 and a second writing module 440.
A memory application module 410, configured to apply for a section of memory for plaintext data to be encrypted according to a predetermined manner, where the memory includes a first region located at a head of the memory and a second region located at a tail of the memory, and a size of the memory is smaller than a sum of a size of the plaintext data and a size of ciphertext data obtained by encrypting the plaintext data;
A first writing module 420, configured to write the plaintext data into the second area;
A data encryption module 430, configured to sequentially read plaintext data blocks with a predetermined size from unread plaintext data in the second region, and encrypt the read plaintext data blocks according to a predetermined encryption algorithm to obtain ciphertext data blocks;
A second writing module 440, configured to write the ciphertext data block obtained through encryption by the data encryption module 430 into the first area, and continue to write into the second area after the first area is full.
In a possible implementation manner, the memory application module 410 includes: a size prediction unit 411 and a memory application unit 412.
A size prediction unit 411, configured to predict a size of ciphertext data obtained by encrypting the plaintext data according to the predetermined encryption algorithm, where the ciphertext data includes data corresponding to the plaintext data and predetermined description information;
A memory application unit 412, configured to apply for a memory with a size equal to the size of the ciphertext data predicted by the size prediction unit 411.
In a possible implementation manner, the second writing module 440 may further be configured to:
sequentially write encrypted ciphertext data blocks from the start position of the part of the first area to which no data has been written.
In one possible implementation, the second writing module 440 may include: a detecting unit 441, a first writing unit 442, and a second writing unit 443.
A detecting unit 441, configured to detect whether the first area is full;
A first writing unit 442, configured to sequentially write encrypted ciphertext data blocks, in an overwriting manner, from the start position of the second area when the detecting unit 441 detects that the first area is full;
A second writing unit 443, further configured to write the ciphertext data block into the first area when the detecting unit 441 detects that the first area is not full.
In one possible implementation manner, the data encryption apparatus may further include: a description information writing module 450.
The description information writing module 450 is configured to, after all the plaintext data has been encrypted and all the ciphertext data obtained by the encryption has been written into the memory, write description information for describing the ciphertext data, in an overwriting manner, into the area of the second area that is not covered by the ciphertext data.
In one possible implementation manner, the data encryption apparatus may further include: a memory release module 460.
The memory release module 460 is configured to release the memory applied for when the plaintext data has been completely encrypted and all the encrypted ciphertext data has been read.
In summary, the data encryption apparatus provided in the embodiment of the present invention applies for only a section of memory smaller than the sum of the plaintext data and the ciphertext data obtained by encrypting the plaintext data, writes the plaintext data into the memory, then sequentially reads plaintext data blocks, encrypts each read plaintext data block to obtain a ciphertext data block, and writes the obtained ciphertext data blocks into the memory.
In addition, the size of the ciphertext data obtained by encrypting the plaintext data is calculated in advance according to the predetermined encryption algorithm, and the size of the memory is determined from it; that is, the memory only needs to be large enough to hold the ciphertext data and the description information describing the ciphertext data, so that the memory applied for is kept as small as possible while the plaintext data can still be encrypted.
The ciphertext data blocks obtained by encryption are written sequentially from the start position of the part of the first area to which no data has been written, which ensures that the ciphertext data is written in order, avoids overwriting ciphertext data that has already been written or plaintext data that has not yet been encrypted, and makes it possible to encrypt the plaintext data and read the ciphertext data correctly.
After the first area is full, the encrypted ciphertext data blocks are written sequentially, in an overwriting manner, from the start position of the second area. Since the plaintext data stored at the start position of the second region has already been read and encrypted, it no longer has any meaning and the ciphertext data can overwrite it, so that the second region, which initially stored the plaintext data, is finally covered by the ciphertext data. The second region is thus reused by the plaintext data and the ciphertext data, which makes it possible to reduce the memory occupied by the data as far as possible.
When the plaintext data has been completely encrypted, the plaintext data stored in the memory no longer has any significance, and the description information can be written, in an overwriting manner, into the region that stored the plaintext data. The region storing the ciphertext data and the region storing the description information together make up the whole of the memory applied for, and storing the description information ensures that the related operations can be carried out when the ciphertext data is read.
The memory applied for is released after all the plaintext data has been encrypted and all the encrypted ciphertext data has been read, which effectively shortens the time for which the memory is occupied, allows other services in the device to continue to use the memory, and improves the working efficiency of the device.
It should be noted that, when the data encryption device provided in the above embodiment encrypts data, the division into the above functional modules is used only as an illustration. In practical applications, the above functions may be assigned to different functional modules as needed; that is, the internal structure of the low-power-consumption device may be divided into different functional modules to complete all or part of the functions described above. In addition, the data encryption device and the data encryption method provided by the above embodiments belong to the same concept; the specific implementation process of the device is described in the method embodiments and is not repeated here.
The serial numbers of the above embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (13)

1. A method for data encryption, the method comprising:
applying for a section of memory for plaintext data to be encrypted according to a predetermined mode, wherein the memory comprises a first region located at the head of the memory and a second region located at the tail of the memory, and the size of the memory is equal to that of ciphertext data obtained by encrypting the plaintext data;
writing the plaintext data to the second region;
sequentially reading plaintext data blocks with preset sizes from unread plaintext data in the second area, and encrypting the read plaintext data blocks according to a preset encryption algorithm to obtain ciphertext data blocks;
and writing the ciphertext data block into the first area, and continuing to write into the second area after the first area is full.
2. The method according to claim 1, wherein said applying for a section of memory for plaintext data to be encrypted according to a predetermined mode comprises:
predicting the size of ciphertext data obtained by encrypting the plaintext data according to the preset encryption algorithm, wherein the ciphertext data comprises data corresponding to the plaintext data and preset description information;
and applying for a memory with the size equal to that of the ciphertext data.
3. The method of claim 1, wherein the writing the ciphertext data block to the first region comprises:
sequentially writing encrypted ciphertext data blocks from the start position of the part of the first area to which no data has been written.
4. The method of claim 1, wherein writing the ciphertext data block to the first region and continuing to write to the second region after the first region is full comprises:
detecting whether the first area is full;
if the first area is full, sequentially writing encrypted ciphertext data blocks, in an overwriting manner, from the start position of the second area;
and if the first area is not full, writing the ciphertext data block into the first area.
5. The method of claim 2, further comprising:
when all the plaintext data has been encrypted and the encrypted data corresponding to the plaintext data has been written into the memory, writing the description information, in an overwriting manner, into the area of the second area that is not covered by the ciphertext data.
6. The method according to any one of claims 1 to 5, further comprising:
releasing the memory applied for when the plaintext data has been completely encrypted and all the encrypted ciphertext data has been read.
7. An apparatus for encrypting data, the apparatus comprising:
a memory application module, configured to apply for a section of memory for plaintext data to be encrypted according to a preset mode, wherein the memory comprises a first region located at the head of the memory and a second region located at the tail of the memory, and the size of the memory is equal to that of ciphertext data obtained by encrypting the plaintext data;
a first writing module, configured to write the plaintext data into the second area;
a data encryption module, configured to sequentially read plaintext data blocks with preset sizes from unread plaintext data in the second area and encrypt the read plaintext data blocks according to a preset encryption algorithm to obtain ciphertext data blocks;
and a second writing module, configured to write the ciphertext data block obtained through encryption by the data encryption module into the first area, and continue to write into the second area after the first area is full.
8. The apparatus of claim 7, wherein the memory application module comprises:
a size prediction unit, configured to predict a size of ciphertext data obtained by encrypting the plaintext data according to the predetermined encryption algorithm, where the ciphertext data includes data corresponding to the plaintext data and predetermined description information;
and a memory application unit, configured to apply for a memory with a size equal to the size of the ciphertext data predicted by the size prediction unit.
9. The apparatus of claim 7, wherein the second writing module is further configured to:
sequentially write encrypted ciphertext data blocks from the start position of the part of the first area to which no data has been written.
10. The apparatus of claim 7, wherein the second writing module comprises:
a detection unit, configured to detect whether the first area is full;
a first writing unit, configured to sequentially write encrypted ciphertext data blocks, in an overwriting manner, from the start position of the second area when the detection unit detects that the first area is full;
and a second writing unit, further configured to write the ciphertext data block into the first area when the detection unit detects that the first area is not full.
11. The apparatus of claim 8, further comprising:
a description information writing module, configured to write the description information into the area of the second area that is not covered by the ciphertext data after all the plaintext data has been encrypted and the encrypted data corresponding to the plaintext data has been written into the memory.
12. The apparatus of any of claims 7 to 11, further comprising:
a memory release module, configured to release the memory applied for after the plaintext data has been completely encrypted and all the encrypted ciphertext data has been read.
13. A computer-readable storage medium having stored therein at least one program code, the at least one program code being loaded and executed by a processor, to implement the data encryption method of any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510465717.8A CN106407127B (en) 2015-07-31 2015-07-31 Data encryption method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510465717.8A CN106407127B (en) 2015-07-31 2015-07-31 Data encryption method and device

Publications (2)

Publication Number Publication Date
CN106407127A CN106407127A (en) 2017-02-15
CN106407127B true CN106407127B (en) 2019-12-10

Family

ID=58007941

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510465717.8A Active CN106407127B (en) 2015-07-31 2015-07-31 Data encryption method and device

Country Status (1)

Country Link
CN (1) CN106407127B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240103

Address after: 518057 Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 35 floors

Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.

Patentee after: TENCENT CLOUD COMPUTING (BEIJING) Co.,Ltd.

Address before: 2, 518000, East 403 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District

Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.